Building a Resilient World: Practical Automation Cybersecurity

Securing Cyber-Physical Systems: ISA in Conversation with Newsweek

Written by Kara Phelps | Aug 25, 2020 9:15:00 AM

In March 2020, Newsweek Vantage published an independent report on securing cyber-physical systems. The International Society of Automation (ISA) served as its expert partner, helping Newsweek staff with concept development, research, and survey creation and analysis.

Eric Cosman, a consulting engineer and the 2020 ISA president, as well as Steve Mustard, an independent consultant and the incoming 2021 ISA president, also shared their industry knowledge as subject-matter experts. Eric and Steve recently joined a phone call with Nigel Holloway, the director of research and editorial at Newsweek Vantage, to discuss key findings—as well as new developments since the report's publication.

A recent post on ISA Interchange, ISA's official blog, features about 30 minutes of audio from the in-depth conversation. You can also read the full transcript, which addresses issues such as IT/OT convergence, the impact of COVID-19 on cybersecurity for critical infrastructure, and why cybersecurity culture at an organization should be treated like safety culture.

Read on for a sampling of quotes from Eric and Steve that illustrate some of the points they make in their conversation with Newsweek Vantage:

Eric Cosman

"The pandemic has shown [organizations] that unanticipated events are something that they have to be prepared for, and I think we're seeing an increased interest in business continuity planning at the at the operations level."

"We need to find ways to make security robust, yet almost invisible."

"I think sometimes the use of 'IT/OT' [as a phrase] just clouds the issue, because it allows people to assume that if you're an IT person, you don't understand high availability. That's a false assumption."

Steve Mustard

"Something like COVID-19 provides the perfect opportunity, for instance, for a hacker to pretend to be a customer to ask an IT company for the credentials it needs in order to get access to the system because they can't get to the office and such like. It creates opportunities for plausible scenarios where hackers can get sensitive information."

"People are the weakest link, but they're also the best line of defense for an organization."

"We're still not at the point where organizations see cybersecurity being a cause of significant failure, whether it be a health and safety or environmental incident or production loss. They still believe it's a relatively minor thing that usually will happen to someone else and not them."

 

To dig in to more insights, listen to the conversation, and read the transcript in full, visit the blog post on ISA Interchange.